Configuration contexts

Configuration contexts are used to determine the specific configuration of Airlock IAM based on how IAM is accessed. Using this feature it is possible for IAM to behave differently based on, e.g., the client or the target URL.

Configuration contexts may be used to avoid duplicating large parts of a configuration to adapt it to a particular context.

It is recommended to use configuration contexts sparingly.

Configuration context examples

How a meaningful configuration context is determined depends on the use case.

  • The following list shows some examples to illustrate the flexibility of this feature. Configuration context can be determined based on:
  • Client IPs (e.g. intranet access vs. internet access).
  • URL the Loginapp¬†was accessed by:
    • Domain a.iam.com or b.iam.com
    • Context path /auth/ or /secure/¬†
  • Information from a client certificate (mutual TLS).

Supported IAM modules

Some Airlock IAM modules do not support configuration contexts.

  • Support is limited to the following modules:
  • Loginapp REST API
  • Transaction Approval module
  • API Policy Service

Limitations

  • The following are limitations of the current implementation of configuration contexts:
  • Configuration contexts are determined on the Airlock IAM server and not in the browser. Using Configuration contexts with the Loginapp UI may not yield the expected results.
  • To use configuration contexts successfully with Flows it must be guaranteed that the configuration context never changes during an entire flow. A change in the configuration context will abort the Flow as a failure.